
Rex::Proto::DRDA::Utils

Public Class Methods

_info_accsecrd(ddm) click to toggle source
# File lib/rex/proto/drda/utils.rb, line 68
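# Extracts authentication-related details from an ACCSECRD reply DDM.
#
# Walks each parameter in +ddm.payload+ and records:
# * +:plaintext_auth+ - true when the SECMEC payload contains the byte pair
#   00 03. The match is unanchored, so it succeeds anywhere in the payload.
# * +:security_check_code+ - first byte of the SECCHKCD payload.
# * +:db_login_success+ - false when that code is nonzero.
#
# The parameters originate from a server reply and are therefore untrusted:
# an empty SECCHKCD payload now yields a nil code instead of raising
# NoMethodError on nil.
#
# @param ddm [#payload] DDM whose payload yields objects responding to
#   +codepoint+ and +payload+
# @return [Hash] always includes +:accsecrd => true+
def self._info_accsecrd(ddm)
  info_hash = {:accsecrd => true}
  ddm.payload.each do |param|
    case param.codepoint
    when Constants::SECMEC
      info_hash[:plaintext_auth] = true if param.payload =~ /\x00\x03/
    when Constants::SECCHKCD
      # unpack("C") on an empty string returns [nil]; keep the nil rather
      # than calling #zero? on it.
      check_code = param.payload.unpack("C").first
      info_hash[:security_check_code] = check_code
      # A little spurious? This is always nonzero when there's no SECCHKRM DDM.
      info_hash[:db_login_success] = false unless check_code.to_i.zero?
    end
  end
  info_hash
end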
_info_excsatrd(ddm) click to toggle source
# File lib/rex/proto/drda/utils.rb, line 51
# Collects server identification fields from an EXCSATRD reply DDM.
#
# Each parameter in +ddm.payload+ whose codepoint is SRVNAM, SRVCLSNM or
# SRVRLSLV is decoded with Rex::Text.from_ebcdic and stored under
# +:instance_name+, +:platform+ or +:version+ respectively. Any other
# parameter is ignored.
#
# @param ddm [#payload] DDM whose payload yields objects responding to
#   +codepoint+ and +payload+
# @return [Hash] always includes +:excsatrd => true+
def self._info_excsatrd(ddm)
  details = {:excsatrd => true}
  ddm.payload.each do |field|
    key =
      case field.codepoint
      when Constants::SRVNAM then :instance_name
      when Constants::SRVCLSNM then :platform
      when Constants::SRVRLSLV then :version
      end
    # Decode only the fields we keep; unknown codepoints leave key nil.
    details[key] = Rex::Text.from_ebcdic(field.payload) if key
  end
  details
end
_info_rdbnfnrm(ddm) click to toggle source
# File lib/rex/proto/drda/utils.rb, line 85
# Summarises an RDBNFNRM reply DDM.
#
# The result always carries +:database_found => false+. The RDBNAM parameter
# is decoded with Rex::Text.from_ebcdic and passed through unpack("A*"),
# which drops trailing spaces and NULs, then stored as +:db_name+. The SRVDGN
# parameter is decoded and stored as +:error_message+. Other parameters are
# ignored.
#
# @param ddm [#payload] DDM whose payload yields objects responding to
#   +codepoint+ and +payload+
# @return [Hash] always includes +:rdbnfnrm => true+
def self._info_rdbnfnrm(ddm)
  summary = {:rdbnfnrm => true, :database_found => false}
  ddm.payload.each do |field|
    case field.codepoint
    when Constants::RDBNAM
      decoded_name = Rex::Text.from_ebcdic(field.payload)
      summary[:db_name] = decoded_name.unpack("A*").first
    when Constants::SRVDGN
      summary[:error_message] = Rex::Text.from_ebcdic(field.payload)
    end
  end
  summary
end
_info_secchkrm(ddm) click to toggle source
# File lib/rex/proto/drda/utils.rb, line 101
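# Extracts the outcome of a security check from a SECCHKRM reply DDM.
#
# Records the SRVCOD payload (16-bit big-endian) as +:severity_code+ and the
# first byte of the SECCHKCD payload as +:security_check_code+, then sets
# +:db_login_success => true+ only when both are zero.
#
# The original condition read +info_hash[:serverity]+, a key that is never
# written, so the severity code was silently ignored and a reply with a
# nonzero severity could still be reported as a successful login.
#
# @param ddm [#payload] DDM whose payload yields objects responding to
#   +codepoint+ and +payload+
# @return [Hash] always includes +:secchkrm => true+
def self._info_secchkrm(ddm)
  info_hash = {:secchkrm => true}
  ddm.payload.each do |param|
    case param.codepoint
    when Constants::SRVCOD
      info_hash[:severity_code] = param.payload.unpack("n").first
    when Constants::SECCHKCD
      info_hash[:security_check_code] = param.payload.unpack("C").first
    end
  end
  # NOTE(review): a missing value still counts as zero via nil.to_i, so a
  # reply carrying neither parameter is reported as a success; confirm that
  # callers rely on this before tightening it.
  if info_hash[:severity_code].to_i.zero? && info_hash[:security_check_code].to_i.zero?
    info_hash[:db_login_success] = true
  end
  info_hash
end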
client_auth(args={}) click to toggle source

Creates a packet with an ACCSEC_DDM and a SECCHK_DDM (the source below builds an ACCSEC_DDM, not an EXCSAT_DDM). For this to succeed, a successful probe must have been sent first.

# File lib/rex/proto/drda/utils.rb, line 20
# Builds the client authentication request as a single string: an ACCSEC_DDM
# created with +:format => 0x41+ followed by a SECCHK_DDM carrying the
# supplied database name, user and password.
#
# NOTE(review): how SECCHK_DDM encodes +:dbpass+ on the wire is not visible
# here. Confirm it against the security mechanism the server negotiated
# before using this outside a lab network.
#
# @param args [Hash] optional +:dbname+, +:dbuser+ and +:dbpass+ entries;
#   missing entries are passed on as nil
# @return [String] both DDMs serialised with +to_s+ and concatenated
def self.client_auth(args={})
  access_security = ACCSEC_DDM.new(:format => 0x41)
  security_check = SECCHK_DDM.new(
    :dbname => args[:dbname],
    :dbuser => args[:dbuser],
    :dbpass => args[:dbpass]
  )
  [access_security, security_check].map(&:to_s).join
end
client_probe(dbname=nil) click to toggle source

Creates a packet with an EXCSAT_DDM and an ACCSEC_DDM. This will elicit a response from the target server.

# File lib/rex/proto/drda/utils.rb, line 10
# Builds the initial probe request as a single string: a default EXCSAT_DDM
# followed by an ACCSEC_DDM created with the given database name.
#
# @param dbname [Object, nil] passed to ACCSEC_DDM as +:dbname+; nil when
#   omitted
# @return [String] both DDMs serialised with +to_s+ and concatenated
def self.client_probe(dbname=nil)
  exchange_attrs = EXCSAT_DDM.new
  access_security = ACCSEC_DDM.new(:dbname => dbname)
  [exchange_attrs, access_security].map(&:to_s).join
end
server_packet_info(obj) click to toggle source
# File lib/rex/proto/drda/utils.rb, line 31
# Merges the details of every recognised DDM in a server reply into one hash.
#
# Anything that is not a Rex::Proto::DRDA::SERVER_PACKET yields an empty
# hash. For a server packet, each DDM is dispatched on its codepoint to the
# matching +_info_*+ helper (EXCSATRD, ACCSECRD, RDBNFNRM, SECCHKRM) and the
# helper's result is merged in. Later DDMs overwrite keys set by earlier
# ones, and unrecognised codepoints are skipped.
#
# @param obj [Object] candidate server packet
# @return [Hash] combined details, empty when nothing was recognised
def self.server_packet_info(obj)
  combined = {}
  return combined unless obj.kind_of?(Rex::Proto::DRDA::SERVER_PACKET)

  obj.each do |ddm|
    case ddm.codepoint
    when Constants::EXCSATRD then combined.merge!(_info_excsatrd(ddm))
    when Constants::ACCSECRD then combined.merge!(_info_accsecrd(ddm))
    when Constants::RDBNFNRM then combined.merge!(_info_rdbnfnrm(ddm))
    when Constants::SECCHKRM then combined.merge!(_info_secchkrm(ddm))
    end
  end
  combined
end
